gen-ec-cert: better error checking
This commit is contained in:
parent
e139dfbdb9
commit
ea435f67d5
@ -28,6 +28,12 @@ shift $((OPTIND - 1))
|
|||||||
domain=$1
|
domain=$1
|
||||||
|
|
||||||
(umask 077 && openssl genpkey -aes256 \
|
(umask 077 && openssl genpkey -aes256 \
|
||||||
-algorithm ec -pkeyopt ec_paramgen_curve:"$curve" -out "$domain.key") &&
|
-algorithm ec -pkeyopt ec_paramgen_curve:"$curve" -out "$domain.key")
|
||||||
|
if [ $? -ne 0 ] || [ ! -s "$domain.key" ]; then
|
||||||
|
# openssl doesn't return an error code if there is a password mismatch
|
||||||
|
# or a password too short, and it creates the output file anyways
|
||||||
|
rm -f "$domain.key"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
openssl req -new -x509 -days "$days" -subj "/CN=$domain" \
|
openssl req -new -x509 -days "$days" -subj "/CN=$domain" \
|
||||||
-key "$domain.key" -out "$domain.pem"
|
-key "$domain.key" -out "$domain.pem"
|
||||||
|
Loading…
Reference in New Issue
Block a user